Jason Mock wrote: > Hello, > > I have a few more questions that were pushed my direction from our Board > of Directors. Before the questions though I would like to thank you for > the fast response to my inquiry! It will make you proud to know that > you were the first response to the questions that I had out of Red Hat, > Suse, Xandros, Slackware, and Mandriva. Here are the 2 additional > questions that I need some assistance with: > > 1. Security features, current and planned? We have a highly responsive security team who address issues as they arise: http://www.debian.org/security/ This combined with the fact that our packaging system allows for continuous upgrades means that when an alert happens, you will have developed a level of confidence in the system that will allow you to actually perform the upgrade. Other systems, where one is not able to develop that confidence, tend to gently rot to the point where nobody is brave enough to upgrade anything, regardless of how grave the security flaws that are being left open by not doing so. The reason our upgrade system works so well is in part due to the chaotic nature of our organisation. Because we have vast numbers of developers, and users, running all sorts of odd combinations of versions of software, upgrading them in different orders, and generally doing bizarre things, pretty much every conflict or dependency problem you were ever going to run into has been found by someone else months ago -- that means that you won't get bitten by those bugs. If we only tested packages against the other software in a particular release, and only attempted to build it for one or two architectures, many of those packaging issues would go undetected, and so would still be available to bite you. So we have effective security updates, on a system where you will be brave enough to actually apply them in a timely manner. > 2. Why is distribution better than others available? I think I covered a lot of the points I the previous mail. probably few things that should be of particular interest are: The fact that we positively encourage people to do spin-off distributions for specialist purposes, to the extent that we have mailing lists, and tools to make that easier -- as an ISV, selling turn-key solutions, you are in effect doing a specialised version of the OS you distribute, so having the tools and experience of others to build that with is likely to make the final result much more robust than if you're just standing there passively waiting for the distribution vendor to slop whatever they felt like serving up this time round into your bowl. We don't expect you to pay is any sort of fee. Not up-front, and not per server. Of course, you may chose to spend the money you've saved on support from one of the many offering commercial support on Debian, but that will be up to you, and if you don't like the support you get, you'll have the chance to go elsewhere without needing to change the distribution you're using. There is absolutely no possibility of us going bust, changing business strategy, deciding to sue the known universe or any of the other annoying things that software vendors are prone to do, because we're not doing this for the money, and I doubt there is anything anybody could do to stop most of the people involved in Debian from doing what they're doing. > Again thanks for your input, and help in our search for a Linux > platform. You guys are great! Have fun, whatever you decide. Cheers, Phil.
Attachment:
signature.asc
Description: OpenPGP digital signature